[c-nsp] 65xx or 76xx for 'Distribution Layer'?

Roland Dobbins rdobbins at cisco.com
Wed Oct 17 10:10:40 EDT 2007


On Oct 17, 2007, at 9:00 PM, Drew Weaver wrote:

> 1)      From a speed/functionality standpoint would a 7600 or a  
> 6500 be better in the Router/Switch (distribution) scenario?

This decision should be based upon software feature and
linecard/interface requirements.

>
> 2)      For our IGP (ospf) would it benefit us at all to have area  
> 1 on the distribution layer and separate areas on each aggregation  
> point? I've read both ways, that yes it does benefit you to do this  
> and that no, it doesn't. (the idea is that the switches would each  
> have their own area, and then the distribution layer would connect  
> them all back to area 1).

Your backbone will be Area 0, not Area 1.  And then you make other  
areas (SAs, TSAs, NSSAs, etc.) for various other topologically  
distinct portions of the network where it makes sense to do so, no?   
These choices will be situationally-specific, based upon your  
topology and desired routing policies.

>
> Any thoughts?
>
> The main reason for this switch is we want to be able to add things  
> like IDS / DDOS mitigation, etc to our network and it seems like a  
> wiser choice to aggregate all of the connections than to hang them  
> off separately.

I would suggest taking a look at using NetFlow for
detection/classification/traceback at your peering/transit and customer
aggregation edges.  For DDoS mitigation, take a look at S/RTBH at
your edges, and then if you're doing additional scrubbing and
re-injection, best to build a separate distribution environment or
environments to handle that function alone, IMHO.


-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // 408.527.6376 voice

	   I don't sound like nobody.

                -- Elvis Presley


